Tuesday, July 1, 2014

More Utility Bashing

In this
recent post, I discussed three particularly egregious instances of people
reflexively dumping on electric utilities for poor cyber security, without bothering
to back up what they said with any evidence.
The first example was an article on the Smart Grid News website, which had attacked the new NERC physical
security standard without bothering to understand how and why the standard was
developed.

I regret to say that SGN is at it again. In this
recent article – whose overall premise I basically agree with – Jesse Berst
takes a pot shot (so to speak) at Pacific Gas and Electric, owner of the
Metcalf substation, by saying “Metcalf is the California substation that was
attacked last year (though the incident was not revealed until the following
spring).”

I found this quite interesting, since I remember reading
about the incident when it happened in April 2013. Sure enough, a quick Google search found several
contemporaneous articles, including this
one published the same day as the attack.

It is true that the publicity became much more widespread
this year, when the former FERC chairman began raising the issue repeatedly,
and some US Senators and Congressmen wrote FERC to do something about this
(even though they had been doing a lot) – this led to the new physical security
standard, CIP-014-1.

But to say that this was never disclosed last year is just another
example of the reflexive utility bashing that seems to be one of the biggest
sports in the media nowadays. I’m
certainly not saying the utilities can’t be criticized for poor cyber security
practices. But make your case, guys –
based on facts.

The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Honeywell.